A New Human Identification Protocol and Coppersmith’s Baby-Step Giant-Step Algorithm

  • Hassan Jameel Asghar
  • Josef Pieprzyk
  • Huaxiong Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6123)


We propose a new protocol providing cryptographically secure authentication to unaided humans against passive adversaries. We also propose a new generic passive attack on human identification protocols. The attack is an application of Coppersmith’s baby-step giant-step algorithm on human identification protcols. Under this attack, the achievable security of some of the best candidates for human identification protocols in the literature is further reduced. We show that our protocol preserves similar usability while achieves better security than these protocols. A comprehensive security analysis is provided which suggests parameters guaranteeing desired levels of security.


Human Computer Cryptography Human Identification Protocols Entity Authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Hopper, N.J., Blum, M.: Secure Human Identification Protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Jameel, H., Shaikh, R.A., Lee, H., Lee, S.: Human Identification Through Image Evaluation Using Secret Predicates. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 67–84. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Jameel, H., Shaikh, R., Hung, L., Wei, Y., Raazi, S., Canh, N., Lee, S., Lee, H., Son, Y., Fernandes, M.: Image-feature based human identification protocols on limited display devices. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 211–224. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Matsumoto, T., Imai, H.: Human Identification through Insecure Channel. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 409–421. Springer, Heidelberg (1991)Google Scholar
  5. 5.
    Jermyn, I., Mayer, A., Monrose, F., Reiter, M., Rubin, A.: The design and analysis of graphical passwords. In: 8th USENIX Security Symposium (1999)Google Scholar
  6. 6.
    Wang, C.H., Hwang, T., Tsai, J.J.: On the Matsumoto and Imai’s Human Identification Scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 382–392. Springer, Heidelberg (1995)Google Scholar
  7. 7.
    Matsumoto, T.: Human-computer cryptography: An attempt. In: 3rd ACM Conference on Computer and Communications Security, pp. 68–75. ACM Press, New York (1996)CrossRefGoogle Scholar
  8. 8.
    Li, X.-Y., Teng, S.-H.: Practical Human-Machine Identification over Insecure Channels. Journal of Combinatorial Optimization 3, 347–361 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Li, S., Shum, H.-Y.: Secure Human-computer Identification against Peeping Attacks (SecHCI): A Survey. Unpublished report, available at Elsevier’s Computer Science Preprint Server (2002)Google Scholar
  10. 10.
    Weinshall, D.: Cognitive Authentication Schemes Safe Against Spyware (Short Paper). In: 2006 IEEE Symposium on Security and Privacy, pp. 295–300 (2006)Google Scholar
  11. 11.
    Golle, P., Wagner, D.: Cryptanalysis of a Cognitive Authentication Scheme. Cryptology ePrint Archive, Report 2006, /258,
  12. 12.
    Bai, X., Gu, W., Chellappan, S., Wang, X., Xuan, D., Ma, B.: PAS: Predicate-Based Authentication Services Against Powerful Passive Adversaries. acsac. In: 2008 Annual Computer Security Applications Conference, pp. 433–442 (2008)Google Scholar
  13. 13.
    Li, S., Shum, H.-Y.: Secure human-computer identification (interface) systems against peeping attacks:SecHCI. IACR’s Cryptology ePrint Archive: Report 2005/268 (August 2005)Google Scholar
  14. 14.
    Stinson, D.: Some Baby-Step Giant-Step Algorithms for the Low Hamming Weight Discrete Logarithm Problem. Math. Comp. 71, 379–391 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Agnew, G., Mullin, R., Onyschuk, I., Vanstone, S.: An Implementation for a Fast Public-Key Cryptosystem. J. Cryptography 3 (1991)Google Scholar
  16. 16.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  17. 17.
    Li, S., Asghar, H.J., Pieprzyk, J., Sadeghi, A.-R., Schmitz, R., Wang, H.: On the Security of PAS (Predicate-Based Authentication Service). In: ACSAC ’09: Proceedings of the 2009 Annual Computer Security Applications Conference, pp. 209–218 (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Hassan Jameel Asghar
    • 1
  • Josef Pieprzyk
    • 1
  • Huaxiong Wang
    • 1
    • 2
  1. 1.Center for Advanced Computing – Algorithms and Cryptography, Department of Computing, Faculty of ScienceMacquarie UniversitySydneyAustralia
  2. 2.Division of Mathematical Sciences, School of Physical & Mathematical SciencesNanyang Technological UniversitySingapore

Personalised recommendations